<?php
/**
 * PM5 PHP Framework
 * Originally developed by Patrick McGovern
 *
 */
class HandlePassedParams
{
	/**
	 * list of expected possible parameters to be passed via GET or POST
	 *
	 * @var object
	 */
	private $_definedParameters;
	
	public function __construct($main)
	{
		/**
		 * reference the main construct of the application
		 */
		$this->main = $main;
		
		/**
		 * Call the defined parameters list
		 */
		include_once '../config/definedParameters.php';
		$this->_definedParameters = $definedParameters;
		
		/**
		 * Cleanse the data
		 */
		$this->_cleansePassedParams();
		
		/**
		 * Remove all request variables
		 * This keeps potentially unsafe data from being available to the application
		 */
		$this->_removeRequestVariables();
		
		return true;
	}
	
	/**
	 * Loop through all passed params
	 * Verify  if they exist in the definedParameters list
	 * If they are legit, set as class vars
	 *
	 * @todo add in data cleansing
	 * @return boolean
	 */
	private function _cleansePassedParams()
	{
		foreach ($_REQUEST AS $paramName => $paramValue)
		{
			/**
			 * Make sure the passed parameter is expected
			 * as defined in the $this->_definedParameters list
			 */
			if (array_key_exists($paramName,$this->_definedParameters)){
				$this->{$paramName} = $this->_cleanData($paramValue);
			}
		}
		
		return true;
	}
	
	private function _cleanData()
	{
		$value = (get_magic_quotes_gpc()) ? stripslashes($value) : $value;
		
		$value = filter_var($value, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH);

		return $value;
	}
	
	/**
	 * Remove all request vars so they cannot be touched
	 */
	private function _removeRequestVariables()
	{
		unset($_POST, $_GET, $_REQUEST);
		
		return true;
	}
}